def rule(event):
    if all(
        [
            "\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
            in event.deep_get("TargetObject", default=""),
            event.deep_get("TargetObject", default="").endswith("\\File"),
            not "\\System32\\Winevt\\Logs\\" in event.deep_get("Details", default=""),
        ]
    ):
        return True
    return False
